Role Based Secure Web Application Framework, by Kunal Bele. 05/06/2008, kbele/cs526.


Slide 1: Role Based Secure Web Application Framework, By Kunal Bele

Slide 2: Outline of the talk
- Motivation for the project
- Earlier Work
- About the Web-Application
- Security
- Basic Architecture
- Features

Slide 3: Motivation for the Project
- Some web-based medical diagnosis services have security requirements to protect patient data
  - Neuroguide project sponsored by PEAK Ageing with Dr. Sara Quall
  - HMTR project for rehab
  - HIPAA (Health Insurance Portability and Accountability Act)

Slide 4: Earlier Work
- Secure Information Sharing (SIS) project by Ganesh Godavari, which utilized Attribute Certificates to authenticate ROLE-based information.
- ENgine FOR Controlling Emergent (ENforCE) Hierarchical Role-Based Access, developed by Osama Khaleel in his Master's Thesis.

Slide 5: HIPAA Policies
- HIPAA sets forth 3 main security policies:
  1. Administrative - Access to the health information must be restricted to only those employees who have a need for it to complete their job function.
  2. Physical - Access to hardware and software must be limited to properly authorized individuals.
  3. Technical - When information flows over open networks, some form of encryption must be utilized.

Slide 6: Tools for the Project
- Web Application - J2EE
- Web Server - Apache Tomcat
- Database - MySQL
- Platform - Linux

Slide 7: About the Web-Application
- The application consists of the records of the patients and their diagnoses
- Patients' data is to be stored securely (encrypted)
- Data is to be retrieved depending on the ROLE of the person retrieving it
- Other data is to be kept encrypted/invisible

Slide 8: Data Viewed
- Patients - Only their own personal records
- Doctors - All the records of all the patients
- Research Assistants - Only the diagnosis

Slide 9: The Framework
- The Goal - Automating several encryption steps (getting the client key, setting attributes, choosing the encryption technique) behind an API.
- Suggestions?

Slide 10: Security
- Two types of security:
  - Username-Password based
  - Certificate based
- Which one is more secure?

Slide 11: Features
- Data is first encrypted and then stored in the database. Hence, even if the database is hacked, no information can be retrieved from it directly.
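A sketch of how the "Data Viewed" and "Features" slides fit together, as an added example that is not code from the presentation or the project: each field is encrypted before storage, and a request decrypts only the fields its role may see. The class and field names, the choice of AES-GCM, the stored layout, the reading of the patient rule as "own row only", and the in-memory demo key are all assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class RoleViewDemo {
    enum Role { PATIENT, DOCTOR, RESEARCH_ASSISTANT }
    // One stored row; each field value is 12-byte IV || AES-GCM ciphertext (assumed layout).
    record Row(String patientId, Map<String, byte[]> enc) {}

    static byte[] seal(SecretKey k, String patientId, String field, String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh IV for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        // AAD binds the ciphertext to its row and column, so it cannot be copied elsewhere.
        c.updateAAD((patientId + "|" + field).getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }
    static String open(SecretKey k, String patientId, String field, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, blob, 0, 12));
        c.updateAAD((patientId + "|" + field).getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }
    // Fields each role may decrypt, per the "Data Viewed" slide; everything else stays ciphertext.
    static Set<String> allowed(Role role, String requesterId, Row row) {
        if (role == Role.DOCTOR) return Set.of("personal", "diagnosis");
        if (role == Role.RESEARCH_ASSISTANT) return Set.of("diagnosis");
        boolean own = role == Role.PATIENT && requesterId.equals(row.patientId());
        return own ? Set.of("personal", "diagnosis") : Set.of();
    }
    static Map<String, String> view(SecretKey k, Role role, String requesterId, Row row) throws Exception {
        Map<String, String> out = new TreeMap<>();
        for (String f : allowed(role, requesterId, row)) out.put(f, open(k, row.patientId(), f, row.enc().get(f)));
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // constructed demo key; a deployment would keep the key outside the database
        SecretKey k = kg.generateKey();
        Row r = new Row("p1", Map.of("personal", seal(k, "p1", "personal", "constructed name, b. 1950"),
                "diagnosis", seal(k, "p1", "diagnosis", "constructed sample diagnosis")));
        System.out.println(view(k, Role.RESEARCH_ASSISTANT, "ra7", r)); // diagnosis only
        System.out.println(view(k, Role.PATIENT, "p2", r));             // another patient's row: nothing
    }
}
```

Because the key never sits in the same store as the rows, a dump of the database alone yields only IVs and ciphertext, which is the property the Features slide describes.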

Slide 12: References
- Osama Khaleel's Master Thesis
- Secure Web Server with Client Certificate Authentication & Access - Dr. Chow
- Rights of the Patients
- HIPAA wiki

